Help with a trojan horse thingy!!

G

gazgaz

Hey guys,

I'v got one of those virus things that add all that shit to you favourites and changes you home page. I'v had them plenty of times before and always used "CW Shredder" to kick its ass, but with this one its wiped CW Shredder from my computer and if you try to download it it closes the browser! and worst of all if I try to go to freeones.com it redirects me to some page thats nothing, and its the same with some other sites.

I'd realy appreciate it if some one could help me out, any ideas please shout up.

Cheers Guys
Gaz
 
pitino

pitino

are you talking to me?
try
spybot - search & destroy
ad-aware

both with their latest updates...
 
G

gazgaz

Thanks for the help but when it gets right to the end of the download it says can not read from source file. Its done that with other similar programmes
 
S

SovereignAxe

Closed Account
i used to have something similar, it was a script that blocked me from going to almost every antivirus site that existed. it ended up being a .txt file which listed all the sites the program didn't want me visiting so i just deleted all of the sites and resaved the file.

that was a long time ago so i'm not sure if how much of that was correct. but if you think it might be worth trying, for me the file was under C:\WINNT\system32\drivers\etc. if it's there it should be the only text file there. if it's not it might be a .ini file.

like i said, i doubt that will work but i figured it was worth a try.
btw, the virus was called Gaobot.gen.
 
Saigon

Saigon

The Problem is that the damned virus (trojan) is loaded on OS-Start!
Try to start your OS in safety-mode - so the most drivers are not loaded on start.
Try to get a internet-connection and download the proggies again.
If it dos'nt works:
Start your Task Manager (Ctrl+Alt+Del) and check what Processes are loaded. Most, the Virus starts whith a well known Prog, like Printer-settings or some executeable files you don't have startet manually.
Locate the Process, and start 'msconfig'
uncheck the Process to be loaded on start and start your os again.
In most cases this should work!
Otherwise you have to modify your Reg (start 'regedt32.exe')
switch to: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and delete the key you don't want to be loaded on Startup.
This could be a little Help - i hope.
There can be so many cases for a virus (trojan) to be started.

Best way: go and by NortonIS

(Sorry, for my bad english - never learned!)

Saigon
 
V

vromos

download spysweeper ...freeware and very good,,,removes adware spyware etc......try it ...works fine for me
if u r using internet explorer download service pack 2
if u cant download sp2 cause u have a copy of windows try a diffrent explorer like firefox stops pop ups and redirects...
www.download.com for ''spysweeper'' and ''firefox''
good luck
if it is trojan u will need an antivirus software
 
G

gazgaz

Sadly none of these things work, it just stops downloads.

On the Freeones home page there was a link, where the link for the forum link used to be, its titled "important message to all" could some one please post that link coz i seem to remember it saying something about it. cheers again
 
Saigon

Saigon

Ok - here is the Link for Information about the Virus (on FO's HP):
from mcafee
and here is the Micro$oft Patch:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-011.asp

To solve such Problems you had while DL's plz delete the hosts-file on your system:
C:\Windows\system32\drivers\etc or: C:\WinNT\system32\drivers\etc
In this File are wrong entries, so u can't reach some adresses.
(If you are in a Network Area or you have an Exchange Account you need to make those entries again after restarting your System or call your Admin to do that for you)

Hope this helps this time.
For more help plz ==> PM


(Sorry, for my bad english - never learned!)
 
big lu

big lu

gazgaz said:
Sadly none of these things work, it just stops downloads.

On the Freeones home page there was a link, where the link for the forum link used to be, its titled "important message to all" could some one please post that link coz i seem to remember it saying something about it. cheers again
Click to expand...


the "spybot - search & destroy" update that pitino mentioned should have worked

Did you try that?

here's the direct link

http://spybot.dalnet.com.fr/spybotsd13.exe

if not, try these

http://www.download.com/redir?pid=1...=8022&dlrs=1&destUrl=/3001-8022-10214379.html

http://www.webattack.com/dlnow/rdir.dll?id=105693

http://www.tomcoyote.com/hjt/
 
G

gazgaz

I got the bastard!!:nanner:

I went on another computer, burnt "Hijack This" on to a CD went home popped it into my CD drive, but the virus made it dissapear of the cd, it looked like nothing was there, but i went to "run" and typed its destination and blammo! my foot is still up that virus's ass:rolleyes:

Thanks for your help and support guys through this difficult time without freeones:rofl:
 
You must log in or register to reply here.

Similar threads

T
Red light summer
2
Replies
32
Views
8K
Tripod
T
DrakeM
  • Locked
Custom User Title List (the usually silly words under your username)
2 3 4 5
Replies
96
Views
24K
Steve-FreeOnes
Steve-FreeOnes
D
Diary of a College Sex Fiend Part 1: Janis
Replies
0
Views
5K
denniswriter0
D
L
Trojan Horse, download trojan horse at faked Freeones
Replies
15
Views
2K
cuntlover
C
Mr_Stiffy
Debbie Loses Herself - a glamour model masturbation fantasy
Replies
3
Views
2K
ban-one
ban-one
Top